Hello Kurt!
Glad that someone else has encountered the same thing. Well, sort of. :-)
The reason for mod_autoindex to look for .htaccess files in subdirectories is to exclude those subdirectories from the directory listing if the user isn't allowed access to them; a pretty nice feature.
I have also noticed the "access failed" error messages in the error log, and they are somewhat annoying, although perhaps necessary to make things simple.
Basic authentication (instead of digest authentication) seems to work fine, though, without any crashes and with the intended functionality. That's my temporary solution until this bug gets fixed.
Best regards,
Björn

I reviewed the 1.3.28 code some more and have a proposed patch (should I have
opened a separate bug report for 1.3.28?). If I understand things correctly the
following is happening... request_req.request_config is being initialized in
update_nonce_count. update_nonce_count appears to be called when the client
sends authorization records. Since the call to digest_check_auth is coming
from mod_autoindex's call to ap_sub_req_lookup_file and not from a browser
request with authorization records, update_nonce_count is not being called and
thus request_config is not being initialized.
The following patch assumes that if request_config is NULL then the call to
digest_check_auth must be coming from a non user request. If this is not true
then maybe another solution may be better. However, if the assumption is
correct then we know when a call to digest_check_auth has been initiated not by
a user, so we don't need to log and note the failure.
--- mod_auth_digest.c.orig Sat Feb 15 22:42:24 2003
+++ mod_auth_digest.c Sun Aug 10 23:03:16 2003
@@ -1788,6 +1788,7 @@
const digest_config_rec *conf =
(digest_config_rec *) ap_get_module_config(r->per_dir_config,
&digest_auth_module);
+ digest_header_rec *resp;
const char *user = r->connection->user;
int m = r->method_number;
int method_restricted = 0;
@@ -1851,15 +1852,21 @@
if (!method_restricted)
return OK;
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Digest: access to %s failed, reason: user %s not allowed access",
- r->uri, user);
+ resp = (digest_header_rec *) ap_get_module_config(r->request_config,
+
&digest_auth_module);
- note_digest_auth_failure(r, conf,
- (digest_header_rec *) ap_get_module_config(r->request_config,
- &digest_auth_module),
- 0);
- return AUTH_REQUIRED;
+ /* if there isn't a resp initalized then this check auth
+ didn't come from a user request (i.e. FancyIndexing)
+ so don't log it */
+ if (resp != NULL) {
+ ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
+ "Digest: access to %s failed, reason: user %s not allowed
access",
+ r->uri, user);
+
+ note_digest_auth_failure(r, conf, resp, 0);
+ }
+
+ return AUTH_REQUIRED;
}
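Review bot: In the second hunk, `if (resp != NULL)` uses a missing per-request digest record as a stand-in for "this is a subrequest", which the description itself flags as an assumption. If a real client request can ever reach this point with `resp` unset, the authorization failure would go unlogged and `AUTH_REQUIRED` would be returned without `note_digest_auth_failure` having run. Consider testing the subrequest condition directly (for example `r->main != NULL` or `!ap_is_initial_req(r)`) and keeping the NULL check only as a guard before `resp` is passed on. Separately, the assignment to `resp` and the log format string are each split across lines in the posted text, so the patch is unlikely to apply as-is; attaching it as a file would avoid the wrapping.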
Please excuse any white space style errors, I wasn't sure what the style was
from the existing code and didn't take the time to see if there was a published
style for apache.
-Kurt
